| foreach($line in Get-Content .\users.txt) { | |
| Add-Type -AssemblyName System.DirectoryServices.AccountManagement | |
| $DS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext('domain') | |
| $username = $line.Trim() | |
| $password = $username.ToLower() | |
| $success=$DS.ValidateCredentials($username, $password) |
| $computername=$env:computername | |
| $logfile="\\dc01\EgregorLog\$computername.csv" | |
| $egregorDll="C:\Windows\egregor.dll" | |
| ################################################################################################# | |
| # This is a small script to monitor/protect all domain-joined systems from further Egregor activity. | |
| # It was created during an incident by Florian Bogner, Bee IT Security (https://bee-itsecurity.at) | |
| # | |
| # As described by Cybereason (https://www.cybereason.com/blog/cybereason-vs-egregor-ransomware) | |
| # Egregor uses a DLL for the actual encryption process. This script checks if the "client"-specific |
| $ErrorActionPreference= 'silentlycontinue' | |
| $ping = New-Object System.Net.NetworkInformation.Ping; | |
| # For every computer name in the text file rechner.txt | |
| foreach($line in Get-Content .\rechner.txt) { | |
| # Convert the hostname to an IP address | |
| $pc=$line.Trim() | |
| $ip = "" | |
| $ip = [System.Net.Dns]::GetHostAddresses($pc) |
| function IsFolderWritable ($test_folder, $verbose) { | |
| if($verbose -eq $null) | |
| { | |
| $verbose = $false | |
| } | |
| # Check if folder is a folder | |
| If (-Not (Test-Path $test_folder -pathType container)) { |